3 replies

Forbid all but one field using field policies

Hello, I need to forbid Anonymous actor access to all fields but id and

status

status

. Basically it's needed for some calulcations but we don't want him to have access to any other data. So I've tried using policies like this:

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

But this seems to not be working, probably because for

status

status

filed Ash checks policies from both

status

status

and

:*

:*

. Is there any way to achieve that?

Ash Framework•3y ago•

3 replies

Myrmyr

Forbid all but one field using field policies

Hello, I need to forbid Anonymous actor access to all fields but id and

status

status

. Basically it's needed for some calulcations but we don't want him to have access to any other data. So I've tried using policies like this:

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

But this seems to not be working, probably because for

status

status

filed Ash checks policies from both

status

status

and

:*

:*

. Is there any way to achieve that?

Forbid all but one field using field policies

Similar Threads

Forbid all but one field using field policies

Similar Threads

Similar Threads

Similar Threads